Binance cryptocurrency exchange blames hackers in theft of $40 million in bitcoin

Share

Written by

Thieves have stolen more than $40 million worth of bitcoin from Binance, one of the world’s largest cryptocurrency exchanges, as part of a “large scale” security incident affecting roughly 2 percent of its bitcoin holdings, the company announced Tuesday.

Hackers stole two-factor authentication keys, API data, and “potentially other info” through an attack that combined phishing and viruses, Binance said in a May 7 statement. The result was the withdrawal of 7,000 bitcoin, worth nearly $41 million at the time of the heist, from Binance’s “hot wallet” when the time was right. No user funds were affected by the breach.

“The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time,” the company said. “The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that.”

The company says it stopped all withdrawals immediately after that transaction was approved. It estimated it will take one week to conduct a security review, in which time withdrawals and deposits will remain suspended, though trading will continue.

Binance, in its statement, said it will use its Secure Asset Fund for Users, stored in a separate wallet, to cover any losses.

“It does very hurt much but we are able to cover that,” Binance CEO Changpeng Zheo said in a video posted following the announcement. “We are not short on funds right now.”

The value of bitcoin remains roughly 70 percent below its record high in December 2017.

The United Nations in March linked North Korean hackers to the theft of at least $571 million from cryptocurrency exchanges, money Pyongyang could use to mitigate the impact of international sanctions.